def buildAdditionalData(self, alert, ignore=[], ignored={}, ip_options=[], tcp_options=[]): self.beginSection(_("Additional data")) self.beginTable() self.newTableCol(0, _("Meaning"), header=True) self.newTableCol(0, _("Value"), header=True) index = 1 for ad in alert["additional_data"]: value = None meaning = ad["meaning"] if meaning == "ip_option_code": ip_options.append((ad["data"], 0, None)) ignored[meaning] = "" if meaning == "ip_option_data": data = ad["data"] ip_options[-1] = (ip_options[-1][0], len(data), data) ignored[meaning] = "" if meaning == "tcp_option_code": tcp_options.append((ad["data"], 0, None)) ignored[meaning] = "" if meaning == "tcp_option_data": data = ad["data"] tcp_options[-1] = (tcp_options[-1][0], len(data), data) ignored[meaning] = "" if ad["data"] != None: value = ad["data"] if ad["type"] == "byte-string" and meaning != "payload": value = utils.hexdump(value) for field in ignore: if meaning != None and meaning == field[0]: ignored[meaning] = value break links = [] for url, text in env.hookmgr.trigger("HOOK_ALERTSUMMARY_MEANING_LINK", alert, meaning, value): if url: links.append("- <a target='%s' href='%s'>%s</a>" % \ (env.external_link_target, url, text)) if links: meaning = "<a class='popup_menu_toggle'>%s</a><span class='popup_menu'>%s</span>" % \ (meaning, "<br/>".join(links)) if not ignored.has_key(meaning): self.newTableCol(index, meaning or "Data content") self.newTableCol(index, utils.escape_html_string(value) if value is not None else None) index += 1 self.endTable() self.endSection()
def _itemFromValue(self, value): if isinstance(value, tuple): return value return value, None if self._support_link: return value[0], utils.escape_html_string(value[1]) else: return value[0]
def _escape_idmef(self, obj): if isinstance(obj, prelude.IDMEF): return Message(obj, htmlsafe=True) elif isinstance(obj, str): return escape_html_string(obj) elif isinstance(obj, tuple): return tuple((self._escape_idmef(o) for o in obj)) return obj
def render(self): cmd = self.parameters["command"] try: command = self.env.host_commands[cmd] except KeyError: raise Error("Attempt to execute unregistered command '%s'" % cmd) command = command.replace("$host", self.parameters["host"]).split(" ") output = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, close_fds=True).communicate()[0] output = utils.toUnicode(output) output = utils.escape_html_string(output).replace(" ", " ").replace("\n", "<br/>") self.dataset["command_output"] = output
def addLabelValuesPair(self, label, values, total_link): empty = True for i in values.values(): if i != 0: empty = False break if not self._got_value and empty: # do not add 0 only values at the beginning of the chart return if self._support_link and total_link: total_link = utils.escape_html_string(total_link) self._labels.append(label) clen = 0 if self._values: clen = len(self._values.values()[0]) total = 0 for name in values.keys(): if not self._values.has_key(name): if clen > 0: self._values[name] = [(0, None) for i in range(0, clen)] else: self._values[name] = [] value = self._itemFromValue(values[name]) self._values[name].append(value) total += value[0] self._total.append((total, total_link)) for name in self._values.keys(): if not values.has_key(name): self._values[name].append(self._itemFromValue(0)) self._got_value = True
def createInlineFilteredField(self, path, value, direction=None, real_value=None): if type(path) is not list and type(path) is not tuple: path = [ path ] else: if not path: return { "value": None, "inline_filter": None, "already_filtered": False } if type(value) is not list and type(value) is not tuple: if not real_value: real_value = value value = [ value ] extra = { } alreadyf = None for p, v in zip(path, value): if direction: if v is not None: operator = "=" else: operator = "!" if alreadyf is not False: alreadyf = self._isAlreadyFiltered(direction, p, operator, v or "") index = self.parameters.max_index extra["%s_object_%d" % (direction, index)] = p extra["%s_operator_%d" % (direction, index)] = operator extra["%s_value_%d" % (direction, index)] = v or "" self.parameters.max_index += 1 else: if alreadyf is not False and (self.parameters.has_key(p) and self.parameters[p] == [v]): alreadyf = True extra[p] = v or "" link = utils.create_link(self.view_path, self.parameters + extra - [ "offset" ]) return { "value": utils.escape_html_string(real_value), "inline_filter": link, "already_filtered": alreadyf }
def escape_value(value): if type(value) is str: return escape_html_string(value) return value
def render(self): criteria = getUriCriteria(self.parameters) if criteria is not None: ident = env.idmef_db.getAlertIdents(criteria)[0] else: ident = self.parameters["ident"] alert = env.idmef_db.getAlert(ident, htmlsafe=True)["alert"] self.dataset["sections"] = [ ] self.beginSection(self.getSectionName(alert)) self.buildTime(alert) self.beginTable() self.newTableEntry(_("MessageID"), alert["messageid"]) self.endTable() self.beginTable() self.buildClassification(alert) self.buildImpact(alert) self.endTable() self.beginSection(_("Actions")) for action in alert["assessment.action"]: self.buildAction(action) self.endSection() self.buildCorrelationAlert(alert) self.buildToolAlert(alert) self.buildReference(alert) self.beginSection(_("Analyzer #%d") % (len(alert["analyzer"]) - 1)) self.buildAnalyzer(alert["analyzer(-1)"]) self.buildAnalyzerList(alert) self.endSection() self.endSection() self.buildSourceTarget(alert) ip = self.buildIpHeaderTable(alert) tcp = self.buildTcpHeaderTable(alert) udp = self.buildUdpHeaderTable(alert) icmp = self.buildIcmpHeaderTable(alert) data = self.buildPayloadTable(alert) ignored_value = {} ip_options = [] tcp_options = [] group = ip.field_list + tcp.field_list + udp.field_list + icmp.field_list + data.field_list self.buildAdditionalData(alert, ignore=group, ignored=ignored_value, ip_options=ip_options, tcp_options=tcp_options) if len(ignored_value.keys()) > 0: def blah(b): if b >= 32 and b < 127: return chr(b) else: return "." self.beginSection(_("Network centric information")) self.beginTable(cl="message_summary_no_border") ip.render_table(self, "IP", ignored_value) self.ipOptionRender(ip_options) tcp.render_table(self, "TCP", ignored_value) self.tcpOptionRender(tcp_options) udp.render_table(self, "UDP", ignored_value) icmp.render_table(self, "ICMP", ignored_value) if ignored_value.has_key("payload"): val = {} payload = utils.escape_html_string(utils.hexdump(ignored_value["payload"])).replace(" ", " ") val["payload"] = "<span class='fixed'>%s</span>" % payload data.render_table(self, _("Payload"), val) val["payload"] = "<div style='overflow: auto;'>%s</div>" % utils.escape_html_string(ignored_value["payload"]).replace("\n", "<br/>") data.render_table(self, _("ASCII Payload"), val) self.endTable() self.endSection()
def _link_generator(cls, infos): for urlname, url in cls._value_generator(infos): yield '<a href="%(url)s" target="_%(urlname)s">%(urlname)s</a>' % { "urlname": utils.escape_html_string(urlname), "url": utils.escape_html_string(url) }
def filter(self, val, **kw): s = Filter.filter(self, val, **kw) return utils.escape_html_string(s)
def addLabelValuePair(self, label, value, link=None): self._labels.append(label) if self._support_link: self._values.append((value, utils.escape_html_string(link))) else: self._values.append(value)
def _setupDataSet(self, dataset, request, user, view=None, parameters={}): init_dataset(dataset, self._env.config, request) sections = prewikka.views.events_section, prewikka.views.agents_section, prewikka.views.stats_section, prewikka.views.settings_section, \ prewikka.views.about_section section_to_tabs = { } dataset["interface.sections"] = [ ] for section_name, tabs in sections: first_tab = None for tab_name, views in tabs: view_name = views[0] if not user or user.has(self._views[view_name]["permissions"]): if not first_tab: first_tab = view_name section_to_tabs[section_name] = [] section_to_tabs[section_name] += [ ((tab_name, utils.create_link(views[0]))) ] if first_tab: dataset["interface.sections"].append( (section_name, utils.create_link(first_tab)) ) if isinstance(parameters, prewikka.view.RelativeViewParameters) and parameters.has_key("origin"): view_name = parameters["origin"] elif view: view_name = view["name"] else: view_name = None if view_name and self._view_to_section.has_key(view_name): active_section = self._view_to_section[view_name] active_tab = self._view_to_tab[view_name] tabs = section_to_tabs.get(active_section, []) else: active_section, tabs, active_tab = "", [ ], "" dataset["interface.tabs"] = tabs dataset["prewikka.user"] = user if user: dataset["prewikka.userlink"] = "<b><a href=\"%s\">%s</a></b>" % (utils.create_link("user_settings_display"), utils.escape_html_string(user.login)) dataset["interface.active_tab"] = active_tab dataset["interface.active_section"] = active_section dataset["prewikka.logout_link"] = (user and self._env.auth.canLogout()) and utils.create_link("logout") or None
def get_html_select(selected_paths=None, default_paths=None, all_paths=True, max_paths=0): _default_paths = default_paths or { "Source IP": "alert.source(0).node.address(0).address", "Source Port": "alert.source(0).service.port", "Target IP": "alert.target(0).node.address(0).address", "Target Port": "alert.target(0).service.port", "Classification": "alert.classification.text", "Analyzer": "alert.analyzer(-1).name", } if selected_paths is None: selected_paths = [] _html_default_value = _gen_option_list(_default_paths.items(), selected_paths) html = """ <link rel="stylesheet" type="text/css" href="prewikka/css/chosen.min.css"> <link rel="stylesheet" type="text/css" href="prewikka/css/bootstrap-chosen.css">""" html += ( """<select class="data-paths chosen-sortable form-control" %s name="selected_path" data-placeholder="%s">""" % ("multiple" if max_paths != 1 else "", escape_html_string(_("Select paths..."))) ) html += """ <optgroup label="%s"> %s </optgroup> """ % ( escape_html_string(_("Default paths")), _html_default_value, ) if all_paths: _html_all_value = _gen_option_list( ((i, i) for i in _get_path_list() if i not in _default_paths.values()), selected_paths ) html += """ <optgroup label="%s"> %s </optgroup>""" % ( escape_html_string(_("All paths")), _html_all_value, ) html += """ </select> <script type="text/javascript"> $LAB.script("prewikka/js/chosen.jquery.min.js").wait() .script("prewikka/js/jquery-chosen-sortable.js").wait(function() { $(".data-paths").chosen({ max_selected_options: %d, width: "100%%", search_contains: true }).chosenSortable(); $(".data-paths").chosenSetOrder(%s); }); </script> """ % ( max_paths, list(selected_paths), ) return html